Tuesday, 10 April 2012

[EN] VirtueMart 2.0.2 Bugs - UPDATED!

Ok. :] (According to this;))

I just found some informations about "possible sql injection" in latest VirtueMart (2.0.2).
So yes, it is true. ;) But I'm not the author of 'public' ;D So I asked myt self how it was happened... ;]

Why I decide to write this here. I found this vulnerability in 5.04 this year, and now I saw that someone is public it (the same) at 6.04 ;)
So that's why I want to share with You a full detailed technical information about this "possibility".

Anyway, beside SQL-i, in VM there are some kind of other vulnerabilities. I'm talking about information disclosure bugs.
If user submit a 'wrong url' then (because of wrong validation) he can get /path/to/your/virtuemart.
This information can be usable to other (extend) attacks.

This is my first post here, so if I found an 'add image' option, I will paste it some screens.

Cheers! ;)

Details below:

1. Attacker can get information from database.

2. Some information disclosure bugs:
(2.1 "Brute" input)
And output:

3. SQL Injection *tmp* screens:

And last screen for "when did I found it":

Cheers! ;)

No comments:

Post a comment

What do You think...?